Given the number of high profile cyber security breaches that unfolded in 2014, we reviewed how some affected companies handled the communications around their respective crises. The purpose was to spot common measures that worked well. If a company gets hacked, there are measures that can be implemented to minimize the damaging aftermath. How well they handle the communications of a breach will influence ultimately how a company will be judged by the public and portrayed by the media.

Let’s face it, it’s open season for all companies to get hacked. In today’s world, every company is fair game: large or small, regardless of industry or type of operation (online or brick-and-mortar). This is especially true for companies dealing with payments, credit card or consumer information.

Cyber criminals have honed their skills at breaking into organizations previously thought untouchable. Since 2013, cyber thieves have upped their game, hacking into eBay, Target, Home Depot, Michaels, Sony, and JP Morgan, just to name a few. The U.S. Central Command’s social media accounts were even hacked at the first of this year. What’s clear is that today’s hackers have reached a new level of warfare and are employing new tricks they learn with dizzying speed, from commjacking to a wave of malicious browser extensions and plug-ins. 2015 promises an even greater number of high profile breaches. Take for example yesterday’s cyber hack of more than 4 million U.S. Federal workers’ data.

Detection of a breach typically triggers a discovery period followed by an internal investigation to ensure the vulnerability is stopped from allowing further damage. From there, companies then decide how they are going to publicly communicate the damage caused. Here’s 5 important tips to consider.

1. Time-is-of-the-essence
Proactively communicating to the public information about the breach is imperative. Customers or employees need to know how their personal or financial information may have been compromised as early as possible, so that they can take matters into their own hands as well. This information disclosuer also give the company a first-hand opportunity to control the facts, helping to minimize misinformation or fact distortion. Misinformation can potentially harm the company’s reputation more than is necessary, so this is extremely important.

Frequently, companies often find out that they have been hacked post-facto from third parties, like the FBI, investigative reporters, partners or customers all the more reason that they should react fast. Target, Apple, JP Morgan, Michaels and other big name companies, whose data each got compromised, made public announcements within one week or less after they identified details of their respective breaches.

It’s critical to communicate sensitive news to customers as soon as possible – not after news is made public. That’s what happened to Home Depot. On September 2nd, 2014 the retailer publicly admitted a breach had occurred. However, it two weeks pass before it then emailed customers to inform them for the first time about the breach. Ironically, Home Depot was actually planning to communicate to its customers some positive news in that there was no evidence that customers’ debit PIN numbers were compromised. Instead of being perceived positively, Home Depot’s email communication left many customers irate.

The lesson learned here is that some level of timely communication is always better than none. Additionally, it’s important to inform your customers or employees of the breach before making the news public information to the rest of the world. By taking control of the information and specific details around a breach, a company can eliminate room for misinformation or speculation. Otherwise, if a company tries to hide the breach for as long as possible, once the breach becomes public, as they always do, your company will have lost its trust and credibility in the form of stock price drops and lost market value.

2. Get the facts right
Communicating accurate data is even more crucial than taking the lead in public dialogue about the breach. For example, luxury retailer Neiman Marcus got hacked during the timeframe of July through October 2013, yet the company didn’t discover the breach until January 2014. Cyber security blogger Krebs on Security found out about Neiman Marcus’ hack and requested comments from the company. The retailer had to react quickly and publicly admit that “about 1.1 million cards could have been potentially visible to the malware.” One month later after completing its investigation, the company lowered the estimate of cards actually comprised to 350,000. While the first public announcement provided just an approximate number of potentially exposed accounts, it allowed the retailer to later downsize this number once it completed its internal investigation. Ensuing headlines such as “Neiman Marcus downsizes the number of cards compromised” were actually perceived by the public in a more positive light.

A somewhat similar story happened to a transaction processing company Global Payments. News about a major breach in Visa and MasterCard broke on a Friday morning, March 30, 2012. There was no information about which credit card transactions provider had been hacked just some “sources in the financial sector” suggesting the breach may have involved more than 10 million credit cards. Hours later Global Payments confirmed the breach without specifying how many credit cards were affected.

Two days after the story broke, Global Payments announced that the number of potential stolen cards was only 1.5 million compared to the 10 million that the media had initially reported. Thus, by taking some time to investigate the hack, Global Payments was able to downgrade the level of the breach. The company got a chance to communicate and clarify some positive findings that “names, addresses and social security numbers were not obtained by the criminals.” As a result, the company’s handling of its crisis was handled well given the circumstances.

3. The CEO drives the conversation
Assigning one person within the team to be responsible for handling all media communications pertaining to the breach makes the communications consistent and timely. Generally, breaches have broad implications around privacy and sensitivity, so it’s sometimes ideal for the CEO to take the lead and be the face and voice of the company spokesperson who talks to the public. Target’s former CEO, Gregg Steinhafel, handled the aftermath of the breach rather well. He proactively disclosed to customers investigative findings as each new finding surfaced and went on to implement successful measures to begin a long road to rebuilding the company’s reputation.

4. Launch responsive, multi-channel communications
It’s important to reach out to customers directly using all possible channels – email, phone, snail mail, traditional and social media (i.e., YouTube), as well as prompt responses to answer customer questions and address their concerns. It’s also a good idea to proactively maintain regular email communication with customers and constituents to keep them informed as the investigation proceedings unfold. If company communications sound genuinely apologetic, customers are more likely to stay satisfied with the way the company is resolving the breach.

Companies that are hacked should strive to keep their customers informed in a timely manner even as the incident becomes fully contained and the malware doesn’t present a threat to customers anymore. Regaining customers’ confidence is essential, so they can begin to feel safe buying from the company again.

5. At your service
Different instruments can help arm customers with helpful knowledge about what additional measures they may need to take. Here’s some additional customer communication tools worthy of consideration.

Target Corporation created a comprehensive FAQ that answered customers’ most important questions, enabling them to determine whether or not they were affected and if so, what the risks were. As a result, public and media got the impression that Target was doing everything possible to protect customers from further negative consequences.

Giving customers as much information as possible about potential risks helps to earn back and nurture customers’ loyalty. For example, Target, Home Depot, Michaels as well as some other companies published on their respective websites lists of stores that were affected during particular periods of time, so that customers could self-identify if they were at risk or not.

Target, Michaels and other retailers also established customer hotlines, some that were 24-hour, specifically for handling customer inquiries related to the breach, so that people could call in to get immediate answers, helping to alleviate their concerns.

Prepare and publish key security measures that customers can take to further protect their personal information after a breach.

Companies should consider creating a YouTube video with the CEO discussing the breach with customers. The video can serve to provide more guidance on what customers should do to protect themselves and what new safeguards the company is undertaking.

Target, Home Depot, Michaels and others offered a range of free services to help their customers who might have been affected, such as identity protection, credit monitoring and fraud assistance.

A data breach can and should be managed in a way that can help redirect media coverage from negative to neutral. It’s also important that the company considers some of the hard lessons learned by other businesses that were hacked. What’s certain is that stakeholders and the media need to be given enough evidence that the company is reacting swiftly to do everything possible to eliminate the aftermath. The company also needs to demonstrate that it is proactively communicating in a transparent way to its customers and employees. Finally, it needs to increase its investments around security so that its systems are as strong as possible and can keep up with new ways that cyber criminals are testing to find or create new weak links to exploit.

Have you ever wondered how safe that “free WiFi hotspot” is in the airport or at your local coffee shop? Well increasingly… not very safe at all. Check out the newest startup that Ignite PR recently launched, CoroNet, which is the only vendor able to address this alarming new hack attack. “Commjacking” is a new ploy cyber criminals can apply to fake you out and go to town with all of your personal data, business files, passwords, etc. Kudos to CoroNet’s selection and participation as part of TechCrunch Disrupt’s distinct Battlefield 2015 contenders. You can read about CoroNet in American Banker, CIO, Network World, CSO, ComputerWorld, Forbes, iDigitalTimes, TechCrunch and many more who covered this up and coming security software’s launch.

March 13, 2014

Leah Goodman’s recent article in Newsweek, “The Face Behind Bitcoin,” exposing the alleged identity of Bitcoin’s inventor, Satoshi Nakamoto, raises many important questions about the boundaries and ethics of journalistic freedom. By using the technique of “doxing,” using sources on the Internet to trace someone and gather information about them, Ms. Goodman outed Mr. Nakomoto.

Leah Goodman’s recent article in Newsweek, “The Face Behind Bitcoin,” exposing the alleged identity of Bitcoin’s inventor, Satoshi Nakamoto, raises many important questions about the boundaries and ethics of journalistic freedom. By using the technique of “doxing,” using sources on the Internet to trace someone and gather information about them, Ms. Goodman outed Mr. Nakomoto.

Goodman’s story set off a firestorm. Criticized by many for how she obtained her evidence, followed by her decision to out Satoshi Nakamoto, her journalistic integrity is being questioned publicly. Many people believe that the accused is not Bitcoin’s founder, and feel that Goodman put Nakamoto at risk – in her rush to “break” the story. He has since granted an interview with Associated Press both denying Goodman’s allegations and any affiliation with Bitcoin.

Bitcoin, a digital currency that was developed in response to a basic mistrust and lack of confidence in the U.S. dollar, has many powerful forces allied against it. These interests include, but are not limited to, the U.S. government, Federal Reserve, and U.S. banking industry. Arguable, these parties are waging a propaganda war to discredit Bitcoin as an alternative to the U.S. dollar–for example, linking Bitcoin’s use to drug money and money laundering. A simple Google search on the term “Bitcoin money laundering” yields over 2 million hits.

Bitcoin, like other commodities and currencies, has wild price fluctuations, and as an immature currency is volatile. Some eager investors who bet on the currency, hoping to make a quick buck, instead netted financial losses. The founder of Bitcoin should not be accountable for Bitcoin investment losses – nor should they be put in a position of vulnerability with photos of their house, as Goodman offered as an exhibit.

Despite a public backlash to her story, Goodman is adamant that she has identified the right person. She claims her story is a culmination of 2 months of work in following leads and gathering facts. So where does one draw the line between investigative journalism and tracking down someone who has gone to great lengths to protect their anonymity because they might value privacy?

Was Leah Goodman’s dogged pursuit to uncover the identity of Bitcoin’s architect done out of a desire to satisfy the public interest ‘need to know’ or a result of her ambition to be the “first” to break this story?

One of the first obligations of a journalist is to keep the larger public interest in mind when reporting on a story. Prior to Goodman’s Newsweek account, the identity of Bitcoin’s founder had been shrouded in mystery. Does knowing their name, what they look like, and seeing photos of someone’s house, serve the public’s best interest and “need to know”? Does making a person vulnerable or protecting their safety matter?

Under false pretenses, Goodman contacted Nakamoto and started a dialogue about their mutual interest in model trains. Did she cross the line between covering the story and stepping beyond journalistic conventions here as well?

When is it ok to manipulate, overlook or even break the rules of reporting?

Courts often redefine what is private based upon interpretations of the legal term “reasonable expectation of privacy.” Did Goodman violate Nakamoto’s privacy by publicizing the small town and pictures of his home, or was she just following journalistic protocol to discover his identity? If yes, should she in any way be held accountable if this knowledge results in harm to Mr. Nakamoto (by estimation he is a Bitcoin-based multi-millionaire).

While some say that Leah Goodman’s outing of Satoshi Nakamoto is brilliant journalism, others question her ethics. What is not in question is the controversy that this story has created. Here’s the infamous Newsweek article. You decide.

February 26, 2014

Paula Deen’s second apology earlier this week at the South Beach Wine and Food Festival has rekindled concerns that she may have dug her self-made grave a little bit deeper. Months after her brand went into a tailspin following a racial and sexual harassment scandal, many are questioning whether this new apology was from the heart.

A public apology can make all the difference to a brand’s bruised reputation. Here are some tips to make sure your apology comes off as sincere:

Recognize that your actions or words have caused hurt or harm. In other words, own up to the damage you have created.

Don’t wait too long to say you’re sorry; stalling raises doubts as to whether you’re apologizing on your own accord or perhaps are unwilling to apologize at all. Even if you seek out a crisis communications expert to help guide you, “time is of the essence” and will indeed be a factor as to how the public judges your response.

Don’t beat around the bush. Actually saying the words “I’m sorry” goes a long way than a questionable “I apologize”, which isn’t sincere or thorough particularly when the stakes are high and the media and public are watching.

February 14, 2014

There are a few important lessons that any executive may want to take away from the CEO of AOL’s rather public stumbles of late. Tim Armstrong’s recent 401K fiasco is an example of management style lacking compassion. To recap, early this month AOL quietly decided to amend its 401K policy, which would severely penalize any employee who left before the last day of the calendar year, stripping them of any contribution the company would have made to their 401K account.

Once the inevitable backlash began, Armstrong attributed the 401K decision to two AOL employees and their “distressed babies” that cost the company one million dollars in medical bills each. Even though AOL’s recent earnings call announced its most successful financial year — in the last decade. The CEO’s insensitive comments only intensified the Internet storm. Facing his self induced “P.R. Nightmare”, he had no choice but to reverse the 401K policy move and publicly apologize.

This isn’t the first time that Tim Armstrong has gotten himself into hot water; he fired an employee, in front of everyone, because the employee took a picture with his cellphone during an internal company meeting. How he handled dismissing the employee ultimately led to another public apology that he had to make. In the age of Twitter, Instagram, Vine, etc., the notion of an “internal” meeting isn’t so “off-the-record” anymore, neither verbally or otherwise. Given the range of technologies, apps, and devices that people have at their disposal to capture any and everything that is said or done, executives need to exercise great restraint in what they say or do to who, how, when and where. Just ask the 2 U.S. diplomats whose “private” phone conversation was recently leaked, revealing an f-bomb insult at the EU.

In recognition of Wisdom Week that kicks off tomorrow, Soren Gordhamer, founder of Wisdom 2.0 Conference, held a special lunch earlier this week with Jeff Weiner, CEO of LinkedIn. The leadership approach of Tim Armstrong and Jeff Weiner appears to be vastly different. During the keynote lunch, Jeff discussed his genuine belief in and ongoing practice of compassionate management. Arguably, the art of being compassionate and managing compassionately is non-trivial for most people — let alone managers and executives. For most of us, it is a noble trait that must be practiced often. Jeff Weiner shared how by actively making compassionate management a part of the company’s core values, LinkedIn has benefited greatly. LinkedIn’s management team and employees have internalized this value and put it into practice daily. Mr. Weiner believes that compassionate management should be taught in K12, higher education, and executive development as well.

There is a growing movement around a similar management style called “conscious capitalism”. Conscious capitalism underscores an effort to take care of “ALL” stakeholders (employees, customers, investors, etc.) — not just stockholders. Studies have shown companies that practice conscious capitalism outperform the S&P 500 by more than 10X. With more than 240 million active users, some are predicting that LinkedIn is on a path to becoming the most important publisher. With LinkedIn’s stock hovering just below $200 per share, Mr. Weiner may be onto something with his compassionate management approach.

Comments Off on Stockholders or Stakeholders: A Look at 2 Different Management Styles

December 3, 2012

For more than two decades, Jennifer Kammeyer has been helping businesses tell better stories. From pitching investors to talking to press to managing a crisis, Jennifer works with company leaders so they can communicate their story in a way that will engage the listener and build trust. Because Ignite PR often works with startups, many of which are often new to telling their unique story, we asked Jennifer — who also teaches communication at San Francisco State University — to talk to us about how a startup can improve on verbal expressions of its story. (According to Jennifer, a “verbal expression” is the act of telling your story in-person or on the phone.) Hope you enjoy the Q&A and let us know what you think.

Q: You talk about the importance of a story — can you explain why a company needs to tell a story in order to communicate effectively? Shouldn’t a great product be enough?

JK: Humans are storytellers, and if we want to better understand information, we can use the narrative. According to the Narrative Paradigm by scholar Walter Fisher, all meaningful communication is a form of storytelling with characters, conflicts, and a beginning, a middle and an end.

Q: You break down the story into four parts. What are they?

JK: There are four core elements to a story: sequence, meaning, coherence, and fidelity. “Sequence” is the order — beginning, middle, end. “Meaning” is from the perspective of the audience and is shaped by history, culture, and character. “Coherence” is how the story holds together, or the logic. “Fidelity” (or “credibility”) is the audience’s perspective of if the story rings true — is the story credible to the audience?

Q: Before we talk about your suggestions around telling stories for startups, what do you see companies doing in terms of communicating their message that makes you shake your head?

JK: When do companies need to tell a story? Usually, it’s when they talk to the media, when they’re trying to get financing, when they’re networking, when they’re trying to do their elevator pitch or when they’re trying to motivate employees.

What tends to happen is the story changes depending on the mood of the founder, so there’s variation in the story. Also, it fluctuates depending on who’s telling the story. Coming from the founder, it sounds one way, from the CTO another, and if a VC is telling it, it’s another version.

Often, when the story takes on the perspective of whoever is telling it, the story becomes very disorganized. For example, it could start off as, “Well, I was in college and I had this great idea with someone and I decided to start a company.” So it’ll have a chronological order to the story, but the chronology only makes sense to the person telling it, not to the audience.

Q: What is a better way to tell the story other than chronologically?

JK: This falls under the “sequence” element of storytelling. Set up the problem in the beginning, explore the problem and potential solutions in the middle, and resolve the problem in the end.

From a start-up perspective, you want to clearly identify the need for your product in the market, define your solution, and demonstrate how it is solving the need. So start off with, “There’s a significant problem out here and we’re forming a company to solve the problem.” That kind of start to the story is directed much more at the media. A reporter wants to know, “Why should I write about you?” And the answer to that question probably has nothing to do with you and your friend in college.

Q: You talk about the importance of knowing your audience. Can you talk about why that’s important?

JK: If you know the frame of reference for your audience, then you are able to create “meaning”. If you don’t know your audience, there is no way for you to create meaning or you’re taking a complete chance on creating meaning. The best way to create meaning is to understand your audience’s perspective.

For example, if you’re talking to venture capitalists, their perspective is, “I can make money on companies that have defensible IP.” If you don’t address that issue with a venture capitalist, you cannot be effective because you’re not considering what they need to know from you. You can see it when someone is talking to the The New York Times and telling them everything other than what reporters really need to know, and most often what they want to know is, “How does your company fit into the market space?”

Q: How do you get to know your audience?

JK: The first thing you must figure out is who is the audience and where are they, both geographically and in frame of mind. Taking your audience’s history, culture, and character into consideration is important. From a start-up perspective, you can use the briefing sheets given to you by your PR firm prior to a press meeting to understand your audience.

If you don’t have that option, you can also get to know your audience at the beginning of a conversation by asking questions. Starting with what you have on the agenda for the meeting, say something like, “What I would like to do today is share with you the uniqueness of our technology and how our customers are getting ROI. Is there anything else you’d like me to cover today?” The answer will help you learn what your audience wants to hear. Too often, that kind of question is asked at the end of a conversation. If you do it in the beginning, you can adjust the information you provide so that it has meaning to that particular audience.

Q: What if the product is as dry as can be — do you have any tips as to how to get a good story out of something that may be boring but extremely necessary in the marketplace?

JK: “Interesting” is in the eye of the beholder. With the media, you want to make it interesting to them, but they are really a conduit to your ultimate audience. If your product is not interesting to your ultimate audience, then you’re not going to be able to sell your product.

You can focus on why someone would be interested in your product and tell the reporter exactly that — “I’m here to tell you why your readership will care about this product.” Taking the perspective of whoever wants your offering is really the key to make it interesting. This point goes back to the tendency of the storyteller to take their own perspective — and that is a significant problem that I see. The product may be interesting to you, the tech might be interesting to you, but you have to articulate why you need to be in business. You should be able to articulate who wants what you’re offering and why.

Q: You suggest that details and statistics are what hold a story together — what kind of data is best for telling a story? Numbers or testimonials?

Details and statistics back up the main points of the story. From a start-up perspective, you need logic and data to support what you are claiming. This can come in the form of market data from an analyst firm or testimonials from customers. What happens often is people say, “There’s a great demand for this,” but have no customers. That’s a huge “coherence” break. If everyone is clamoring for your product, then there should be customers. So you shouldn’t tell your story until you’re ready for your story to be told. Do you have funding and do you have customers? I would put customers on the top of the list, but you need both statistics and customer testimonials.

Q: How personal do you think a CEO/founder should get when coming up with a story for the company?

JK: This is part of the “fidelity” element of storytelling. I tend to recommend less personal on a regular basis only because in general, I see it lean toward very personal, very self-centered. I try to move it to a broader focus or perspective.

There has to be enough in the story about the founder that makes people think, “Oh, he or she is the person who can pull this off.” This piece needs to be there for the audience so that whoever is telling the story is credible and the audience needs to believe that the story can be true. Sometimes, with the younger founders, that means talking about their technical capabilities and past success with another company — that information helps with fidelity/credibility.

Partly, credibility is established in advance of any face-to-face or phone meeting and is based on the relationship between the presenter and the listener. It is also established in the communication interaction with both verbal and non-verbal language. From a start-up perspective, you want to be deliberate in your style, your choice of words, how you dress. All forms of communication establish credibility, not just the words you chose.

Q: What is most important for a startup executive to remember about telling their company story?

JK: Always keep your audience in the forefront of your mind, use a narrative structure, and back up your key points with evidence. Oh, and have fun because when you are having fun, people will remember what you say.

“When should we start doing public relations?” is a question that we hear often at Ignite. The answer is not so easy — and even the suggestions we give below are just the tip of the iceberg when it comes to figuring out when to go public with your tech startup, when to start looking for media attention and when to promote your company’s story to the world. Having worked with a multitude of high tech company and product launches, we can say that even though each company should figure out the perfect time to start marketing efforts on a case-by-case basis, there are a few things you can look at to see if you’re ready for PR.

1. BUILD A COMPELLING PRODUCT We cannot emphasize this enough! It’s not sufficient to just have a great idea, a couple of lines of code, and a few dollars to throw at public relations. You might be burning to spread your great news to the world, but not even close to being ready for media scrutiny. First, build a viable product that truly solves a problem for an identified customer segment. Get feedback from those beta users. Break something and fix it. Be wrong a few times and make a few mistakes, but continue to refine the product so your users love it. That product needs to be battle-tested on the back-end before you consider investing in Marketing or PR.

2. MAKE SURE TO HAVE CUSTOMER REFERENCES This advice may be more geared for a B2B or enterprise product, but can also apply to consumer facing startups. In either case, it’s best to have a minimum of two customer references. That means at least two legitimate businesses that are using your product and are willing and able to speak to press about their experience with your product. Note we say that the customer needs to be both willing and able, since some customers’ internal policies — whether they be PR or legal — may not allow them to speak to the media. So if you have great security software and one of your customers is the CIA… you get the point. Most good reporters will ask for customer references, and if you don’t have any, they’ll pass on the story. A better story and one that has meat on its bones is one where customers are willing to dish on what you’ve done for them.

3. BUILDING A BRAND TAKES MONEYGood public relations is not a light switch that you can turn on and off. PR should be looked at as an investment in building market visibility and brand awareness over an extended period of time. Some new companies think, “Oh, if I get into TechCrunch, I’m set.” But public relations is not buying a Super Bowl ad once a year, hoping that the one-off ad is the answer. Good public relations requires an ongoing effort from a company communicating its progress, validation, and milestones on a continuous basis – like a drumbeat. Building market awareness and earning mindshare takes time and evidence. Repetition is important — people need to hear from others they know (WOM) and see your company name in various sources talked about in many different ways. That kind of repetition and visibility requires strategy, execution and tangible proof points (customer wins, traction with developers, downloads, funding, partners, awards, etc.). Building strong market awareness is going to require an investment … aka money.

4. KNOW YOUR MESSAGE Do you know how your product fits into the competitive landscape? We understand that with a startup, messaging can evolve as the company grows and matures, but we still believe that prior to attempting any kind of concerted PR effort, you need to know what makes the company and your product special, compelling, better than what’s out there. Most startups aren’t first movers — in fact, it’s better not to be first — so if you’re second or third, what is so interesting about your product that gives your startup a strong competitive edge? Why should the press care that you’re throwing something into the ring? Why should anyone care? It’s important to figure out the core messages that set the company and its product apart from the others.

5. HAVE A STASH OF AMMUNITION Have some proof that your product/startup is as essential as you say it is. This goes beyond customer references because this tip is more about having something to talk about after you launch the company/product. Because, you launched….now what? If you’re like most startups, reporters are probably not banging down your door. So save something for later — feature enhancements, newsy items such as funding or new exec appointments, customer wins, partnerships, etc. — all these goodies can become part of the evidence that your company is what you say it is, that you’re legitimate and not just a one-time-press-release wonder. If you have these kinds of tangible items in your cupboards, then it might be a good time to ignite your public relations.

March 1, 2012

Recent events involving Google and the Susan G. Komen for the Cure Foundation have raised important reminders about embracing a core mission and what happens when an organization decides to stray away from it. Both Google and Susan G. Komen deviated from their core mission, and as details emerged and public debate intensified, both organizations were forced to confront the unanticipated fallout.

What Went Wrong

Google created an uproar when it began injecting Google+ into search results without providing similar results from rival social networks like Facebook and Twitter. Google’s entire business was founded on the mission of “don’t be evil,” aiming to provide the best, most relevant, unbiased search results. Yet this move broke its promise to users, delivering deliberately biased results. The blogosphere erupted with criticism of Google, and current and former employees expressed dismay with the company’s actions.

Susan G. Komen, the nation’s largest breast cancer organization, found itself at the center of a controversy when it cut off funding to Planned Parenthood clinics for free breast cancer screening. Planned Parenthood provides needed preventative health services to 20% of American women, and its pro-female contingency could not grasp its decision. Susan G. Komen responded by saying it was fulfilling a fiduciary duty to donors by not funding grant applications made by organizations under investigation. (Planned Parenthood is being investigated by a Congressional committee instigated by a staunch anti-abortion activist on claims that it illegally used taxpayer money to fund abortions.) The organization faltered again when it started giving differing explanations for why they cut funds. The fallout: high-level resignations (and threats of resignation), a tsunami of online protests and complaints, boycotts of the organization, and boycotts of its sponsors. This pressure quickly caused the once-revered organization to reverse its earlier move and reinstate Planned Parenthood funding.

Brand Integrity at Stake

Much of the damage to each organization stems from the fact that neither appeared credible once the smoke cleared and the dust settled. Google claims that it lacked access to content from rival social networks was widely debunked, and Komen’s decision to cut Planned Parenthood funding appeared highly politicized despite its assertions to the contrary.

From a strategic perspective, the issue isn’t about good and bad – it’s about brand integrity. Google did not keep in mind the best interests of its users. Furthermore, the company is no longer a startup whose actions go unnoticed, but a large enterprise competing with the likes of Apple and Microsoft. For its part, Susan G. Komen diverted attention, good will, and money away from its core mission – breast cancer activities – by wading into explosive abortion politics.

MG Siegler of tech site PandoDaily summed up this dynamic perfectly. Although he’s writing about Google, the point applies equally to Susan G. Komen or any other organization whose mission has been breached:

“Many of us are stuck arguing the details. The details don’t actually matter. Who has access to what data doesn’t actually matter. What deals are struck behind the scenes doesn’t actually matter. Whether Google is hurting competition by using their position of power doesn’t actually matter. The destruction of the product is all that matters.”

Google may be large and established enough to emerge from this controversy with little more than a black eye. It may also decide to let its search engine take some knocks in the interest of pursuing a long-term-plan that will strengthen its competitive position against the company’s formidable foes.

Susan G. Komen, however, doesn’t appear to occupy such a strong market position nor did its missteps serve a broader strategic purpose. Its sponsors, which had supported a “safe”, apolitical cause, have been put into an awkward position, one they will undoubtedly revisit when it comes time to renewing their sponsorship. Indie band The Decemberists pulled its support from Susan G. Komen, routing its donations for breast health directly to Planned Parenthood. Will other sponsors and donors distance themselves as well?

Understanding Your Core Mission

Google and Susan G. Komen could have potentially avoided the situations they found themselves in. However, it’s easy to play armchair quarterback and pontificate about organizations that got things wrong, when getting things right can sometimes be difficult. As companies grow, core values and missions may change. This happens a lot, particularly at startups, which may need to reshape their brand – sometimes drastically or repeatedly – as their target markets, business model and products evolve. At a minimum, though, companies should take note of others’ experience and make their strategic decisions with a full understanding of what’s at stake: brand integrity, reputation and loyalty. Fully anticipating potential fallout with a bulletproof rationale and communications plan is a good way for companies to protect their brand and more successfully weather change.

What happens when an organization decides to abandon its core mission that it originally embraced? via @IgnitePRow.ly/9oRuo

January 11, 2012

Ignite’s last couple blogs discussed PR mishaps and missteps but we now want to highlight examples of great marketing and PR. Evaluating things that have gone awry is definitely worthwhile, but what can companies do to really shine with good PR? Corporate philanthropy is one activity that stands out and several businesses, both tech and non-tech, have done a great job over the last year with their approach to corporate giving.

It’s common for brands to espouse their belief system and engage in related charitable activities or campaigns. Dove, the maker of soap and beauty products, contributes a portion of its proceeds to “provide inspiring self-esteem programming for girls” and supports partnerships with after-school programs, self-esteem-building events and educational resources. Kaiser Permanente sponsors marathons and farmer’s markets in their push to be associated with healthy living. Through its “Home 4 The Holidays” program, pet food company Iams partners with organizations such as pet adoption centers, shelters and rescues to help find homes for pets.

The tech industry has also produced philanthropists, both large and small. It used to be that the vast majority of foundations and philanthropic assets were in New York. Today, “Silicon Valley has become the epicenter of philanthropy in the U.S., if not the world,” according Bradford K. Smith, President of the Foundation Center, a research organization for philanthropy, fundraising, and grant programs.

In the tech world, Salesforce.com is renowned for philanthropy, spearheaded by Chairman and CEO Marc Benioff, a generous philanthropist in his own right. From its inception, Salesforce.com instituted a “1-1-1” philanthropy model, contributing one percent of its profits, one percent of its equity and one percent of its employees’ hours to charitable efforts. Meanwhile Ignite’s online luxury travel client, Zicasso, a startup that offers a free online travel service connecting travelers with the best travel agents, emulates the 1-1-1 model to support sustainable tourism education and development, volunteer travel, and nature and wildlife conservation. A company doesn’t have to be huge, or necessarily even profitable, to embrace a social mission.

In an interview with Kym McNicholas of Forbes, Benioff named Michael Dell as his greatest philanthropic mentor. According to the Michael & Susan Dell Foundation website, Michael Dell and his wife have given more than $700 million in grants to help transform the lives of children. Similarly, Netscape co-founder Marc Andreessen and his wife Laura Arrillaga, started the Marc and Laura Andreessen Foundation, with Laura also founding a philanthropic organization, SV2, that finances early-stage nonprofits. The Omidyar Network, started by the eBay founder Pierre Omidyar and his wife, Pam, gives grants to nonprofits, while nonprofits like Kiva, DonorsChoose.org, and Causes use the Internet to connect people in need with donors, jobs or supporters.

Companies communicate their values in other ways as well. Patagonia, a company consistently at the forefront of corporate philanthropy, created a stir this past Black Friday with a bold newspaper ad stating “Don’t Buy This Jacket.” In the ad, Patagonia announced their Common Threads Initiative “to build useful things that last, to repair what breaks and recycle what comes to the end of its useful life.” Notably, the ad asks readers to eschew voracious consumption. It may sound ironic that a business trying to sell something would ask such a thing but, in a time of where overconsumption has contributed to a host of ills, we like Patagonia’s hutzpah and tip our hat to their non-product centric, philanthropic approach.

Do values-based campaigns help companies attract and retain customers? We believe that a company’s values can be just as significant to customers as its product or services, and it certainly appears that corporate social missions are being driven by rising consumer and investor demands for socially responsible companies. Corporate values are also key to recruiting talent and building an organization’s work culture. Case in point: if you think that climate-change is a hoax, you may not want to work for a company that donates funds to this cause.

Whether you believe that corporate charitable activities reflect deeply held values or are simply thinly veiled marketing ploys, it’s hard to argue with corporate giving in a time of shrinking government budgets. Does it ultimately matter why a company engages in philanthropy as long as it does? Sure, values-based marketing campaigns with little real substance or dollars behind them seem shady. No matter how bright and shiny a company may seem on the surface, it behooves us to do our homework about them and the old adage “buyer beware” still applies. Nonetheless, we see much evidence for optimism and give two thumbs up to any company that manages to combine success in business with a broader social mission.

This past year saw a number of innovations across consumer and enterprise technologies. The tech IPO, funding and M&A markets were lively. And we saw big changes and personnel moves unfold across the blogosphere and news outlets, such as Michael Arrington leaving TechCrunch. As a result of all this activity, 2011 boasted plenty of big news stories about everything from the cloud and Big Data to social networking, mobile apps and tablets. Nonetheless, some of the biggest tech stories were born out of poor PR. Let’s take a look back at some of this year’s biggest players in the tech community – and the PR Cherry Bombs they dropped. With the benefit of hindsight, we’ll discuss what can be learned from all this. We’ll dissect what these companies did, and didn’t do, to diffuse and transform their situations into good PR.

PR Cherry Bomb #1 – GROUPONThe company’s CEO and PR rep are both culprits in this Cherry Bomb. In June, Groupon filed its IPO, officially entering the SEC’s mandatory quiet period that prevents companies from promoting its own stock. Over the course of the next two months, Groupon was criticized in the media for pre-IPO financial losses, prompting the CEO to write an internal memo debunking these claims that was subsequently leaked to the press. Meanwhile, the company’s PR rep was caught lambasting a journalist for her reporting on Groupon’s pre-IPO financials, directing her to review the “leaked memo.” Press and the SEC came down on the company for violating its quiet period.

Perhaps they were feeling anxious about their IPO, but the CEO and PR rep should have been familiar and in compliance with pre-IPO communication rules. With regard to how they handled some of the negative press on the company: they could have served as a resource and provided third-party references to help the reporter get the facts straight rather than blasting her for purportedly misquoting sources. It’s better to build and maintain a positive, ongoing relationship with media, because if anything, a carefully cultivated relationship greatly increases the likelihood of them writing favorably about a company going forward.

PR Cherry Bomb #2 – PAYPALOne of the most recent PR Cherry Bombs occurred just a few weeks ago. Regretsy, a blog spotlighting handcrafted items mostly from Etsy.com, organized a gift drive for needy kids in the Regretsy community. Just as Regretsy’s owner had done many times before, she set up a PayPal account customized with a “donate” button. Because donations came in so fast during the first few days, PayPal’s internal system triggered a review of Regretsy’s account. Different PayPal reps deemed Regretsy in breach of an existing policy, froze its account, and demanded the company refund all the money, but that it was keeping the transaction fees.

From an outsider’s viewpoint, PayPal’s response appeared rigid and it negatively impacted how people viewed their customer loyalty and service – very important qualities in today’s taxing economic times. Regretsy’s owner immediately blogged about what was happening, setting off a social media firestorm. The backlash was immense, with some saying “PayPal Stole Christmas.”

As it turns out, Regretsy did nothing wrong; PayPal policies were so ambiguous that even its own agents assigned to review the account misunderstood them. In the end, PayPal recognized its mistake and moved quickly to publicly apologize and do the right thing for its longstanding customer. Within 24 hours, a PayPal executive called Regretsy to apologize, unfreeze the account, eliminate any fees for the rest of the year and very generously offer $200 gift cards to each family in the fundraiser.

PR Cherry Bomb #3 – AIRBNBAirbnb faced one of this year’s biggest PR nightmares. The online housing rental company was fast-becoming a media and tech darling. Then a blog post surfaced by an Airbnb user named EJ who rented out her apartment through the service and came home to find it ransacked and vandalized, her valuables stolen and possessions burned. Although the blogosphere didn’t get wind of the incident until a month after it happened, the details became known about how Airbnb handled the situation and it set off an immediate negative reaction.

The CEO issued what some called a “mild” apology on TechCrunch and the Airbnb user EJ rebutted the apology instantly, stating Airbnb had not been in contact with her in a month, that the agent who helped her transact the rental went silent three days after her initial report of the incident, and – most condemning – the CEO was making veiled threats for her to whitewash her posts since they were damaging to the company. These claims really put Airbnb in the hot seat.

Startup entrepreneurs, corporate executives and PR reps can all learn a lot from this particular incident about how to best handle a crisis. For starters, it’s best to proactively address an incident publicly rather than letting it surface on its own, forcing a company to later assume a defensive, reactionary position. Also in this case, the company had little to say about how it helps keep customers safe. In times of crises, customers appreciate hearing from the company what they are doing to give their users peace-of-mind. Lack of contact and radio silence tends to only incite more anger and disappointment.

On the bright side, the young company took a hard look at itself and started making substantial improvements to gaps in its offering. To be more responsive to customers, Airbnb established a customer service department, improved security procedures and introduced an insurance guarantee program. In the face of controversy, it’s applauding to implement new measures to demonstrate how the company is committed to dealing with any customer problems.

PR Cherry Bomb #4 – GODADDYThis PR Cherry Bomb comes from a company known for pushing the envelope that finally went too far. GoDaddy.com’s CEO triggered international outrage when video and photos surfaced of him hunting big game in Zimbabwe and boasting about “bagging an African elephant.” The CEO’s public response was that his participation in this kind of hunt was to aid local villagers, who were being harassed and pushed to the brink of starvation by elephants eating local crops.

Once the video went viral, though, the damage was done. Anger and rallying cries to protest GoDaddy.com were rampant, with individuals canceling their accounts and PETA amassing several thousand signatures in only a couple of days to boycott GoDaddy. Boycott GoDaddy websites and Facebook pages began to crop up. Even a competitor, Namecheap.com, ran an entire PR campaign and promotion to get people to dump GoDaddy and switch over, with 20% of the proceeds donated to savetheelephants.com. GoDaddy’s CEO seemingly didn’t anticipate the emotional response and professional fallout that his actions would cause.

Our personal and work lives are blurred more than ever because of social media and an always-on, connected world. Personal Facebook profiles are tied to professional brand pages; Google+ circles and 1+s are publicly visible; Twitter is a firehouse of permanent public remarks; YouTube and Flickr are easily tagged and searchable. All of these social media channels usher in a new way of conducting our professional and personal matters online, and careful thought needs to go into how we behave, lest the brands and companies we’re tied to suffer the consequences.

PR Cherry Bomb #5 – SONYIt started in the spring for Sony – a security breach where the names, addresses and credit card numbers of 77 million PlayStation Network (PSN) accounts were hacked. It took Sony a whopping seven days to alert the public about the massive security breach. Then in the fall, Sony’s PSN was hacked again, affecting about 93,000 accounts. And then while already under scrutiny for ongoing security flaws and weak links, Sony was blasted for surreptitiously updating its PSN terms of service with a clause prohibiting people from suing the company without first obtaining its consent to do so.

Any security breach involving stolen personal and financial information is a grave matter, as is the amount of time a company takes to report a breach to its affected customers. In the spring hacking incident, Sony took a full week to confirm rumors that were already swirling around on the Internet. It was bad enough that PlayStation users couldn’t log on to their PSNs without even a peep from Sony as to why, but failure to notify PSN users that their personal and private information was stolen (and likely subject to criminal activity) certainly didn’t help matters.

Companies facing a data-hacking incident should alert their customers immediately about the security breach, explain how the company is handling it, and inform customers what they can do to protect themselves. Even under the best of circumstances, it is important for companies to anticipate customer needs, and clearly and transparently communicate changes to their terms of service, pricing, products/services, etc. The poor timing and communication of Sony’s updated TOS led many to believe – right or wrong – it was still tackling security holes.

In ClosingAs we move into 2012, we can learn from these PR Cherry Bombs before us, and also take a page from some of the good PR tactics we saw come out of them such as with PayPal and AirBnB. Some of our upcoming blogs will likewise examine good PR practices and highlight examples where companies got things right from the get-go.

Which incident profiled above do you think stands out as the most deserving of this year’s Cherry Bomb award? And what are some other PR strategies and actions companies could have employed to better handle the bad PR situations they were facing? Let us know what you think!